WordPress Plugin Vulnerability – Malware
A security hole in the plugins InfiniteWP Client and WP Time Capsule led to the vulnerability of about 320’000 WordPress websites worldwide.
This vulnerability has been actively attacked in the last few days and caused several WordPress installations – also at Swizzonic – to be affected and thus infected with malware. On an online scanner like Sucuri you can check if you are infected and which files are affected.
If you are not affected by this, please check if your WordPress installation as well as your themes and plugins are up to date.
You should do this regularly to protect yourself in the future, so that you do not have a security hole that has already been closed.
How to proceed if you are affected?
- Replace the plugins/themes that are affected by malware (as indicated by the scanner) with new original versions.
Important: Updating is usually not sufficient, the affected file or the whole folder should be replaced with an original plugin or theme.
Most plugins can be downloaded from https://wordpress.org/ or directly from the author’s website.
- Make sure that all plugins, themes and your WordPress installation are up to date.
- Restore a previous version of your website
- If you still have a backup from before the malware attack, you could upload it.
- Should you no longer have a backup, we offer our customers a paid restore (up to 7 days retroactively).